Skip to main content

VMware

Vendor security scorecard – 11 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 62
11
CVEs
1
Critical
8
High
0
KEV
0
PoC
8
Unpatched C/H
9.1%
Patch Rate
0.0%
Avg EPSS

Severity Breakdown

CRITICAL
1
HIGH
8
MEDIUM
2
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-20794 Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an CRITICAL 9.3 0.0% 47
No patch
CVE-2025-62623 A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting HIGH 8.8 0.0% 44
No patch
CVE-2025-62624 A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting HIGH 8.8 0.0% 44
No patch
CVE-2026-20751 Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow HIGH 8.3 0.0% 42
No patch
CVE-2026-20879 Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow HIGH 8.3 0.0% 42
No patch
CVE-2026-41723 Stored cross-site scripting in VMware Cloud Foundation Operations (formerly Aria Operations) allows authenticated users with policy, view, or text-widget creation privileges to inject malicious scripts that execute in other users' browsers, including administrators. Affected products include VCF Operations 5.x through 9.1.x, VMware Aria Operations 8.18.x, and VMware Telco Cloud Platform 5.x. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV. HIGH 8.0 0.1% 40
No patch
CVE-2026-41702 Local privilege escalation in VMware Fusion allows authenticated users with non-administrative privileges to gain root access by exploiting a TOCTOU race condition in a SETUID binary. The vulnerability requires local access and low attack complexity (CVSS:3.1 AV:L/AC:L/PR:L), enabling complete system compromise on macOS hosts running affected Fusion versions. EPSS and KEV status data not available; exploitation requires existing local user access but can bypass all privilege boundaries once triggered. HIGH 7.8 0.0% 39
CVE-2026-53475 Credential interception in kubev2v assisted-migration-agent allows network-positioned attackers to harvest vCenter administrator credentials because the agent's vCenter client establishes TLS connections with certificate verification effectively disabled by default. The flaw, reported by Red Hat and tracked as EUVD-2026-36032, has no public exploit identified at time of analysis and an EPSS score of 0.01% (percentile 1%), but successful MITM exploitation yields full administrative access to the targeted vCenter. HIGH 7.4 0.0% 37
No patch
CVE-2025-62627 An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co HIGH 7.2 0.0% 36
No patch
CVE-2026-41722 Stored cross-site scripting in VMware Cloud Foundation Operations (formerly VMware Aria Operations) allows authenticated users with policy, view, or text-widget creation privileges to inject scripts that execute in the browser context of other users, including administrators. The flaw spans VCF Operations 9.x, the legacy 5.x/Aria Operations 8.18.x line, and VMware Telco Cloud Platform 5.x, with a CVSS of 8.0 driven by high impact across confidentiality, integrity, and availability when a victim admin renders the malicious content. No public exploit identified at time of analysis and no EPSS or KEV signal is provided in the input. MEDIUM 5.4 0.1% 27
No patch
CVE-2026-41724 Stored cross-site scripting in VMware Cloud Foundation Operations (and the related Aria Operations / Telco Cloud Platform builds) lets an authenticated user who can create policies, views, or text-widgets inject script that executes in the browser of any user who later views the affected object, including administrators. Because the CVSS vector marks Confidentiality, Integrity, and Availability as High with Scope:Unchanged, a successful payload effectively lets a low-privileged operator escalate to administrative actions inside the Operations console. No public exploit identified at time of analysis and not currently listed in CISA KEV, but a vendor advisory has been issued by Broadcom. MEDIUM 5.4 0.1% 27
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy